xref: /openbmc/linux/drivers/crypto/bcm/spu.c (revision 4e1a33b1)
1 /*
2  * Copyright 2016 Broadcom
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License, version 2, as
6  * published by the Free Software Foundation (the "GPL").
7  *
8  * This program is distributed in the hope that it will be useful, but
9  * WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
11  * General Public License version 2 (GPLv2) for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * version 2 (GPLv2) along with this source code.
15  */
16 
17 #include <linux/kernel.h>
18 #include <linux/string.h>
19 
20 #include "util.h"
21 #include "spu.h"
22 #include "spum.h"
23 #include "cipher.h"
24 
25 /* This array is based on the hash algo type supported in spu.h */
26 char *tag_to_hash_idx[] = { "none", "md5", "sha1", "sha224", "sha256" };
27 
28 char *hash_alg_name[] = { "None", "md5", "sha1", "sha224", "sha256", "aes",
29 	"sha384", "sha512", "sha3_224", "sha3_256", "sha3_384", "sha3_512" };
30 
31 char *aead_alg_name[] = { "ccm(aes)", "gcm(aes)", "authenc" };
32 
33 /* Assumes SPU-M messages are in big endian */
34 void spum_dump_msg_hdr(u8 *buf, unsigned int buf_len)
35 {
36 	u8 *ptr = buf;
37 	struct SPUHEADER *spuh = (struct SPUHEADER *)buf;
38 	unsigned int hash_key_len = 0;
39 	unsigned int hash_state_len = 0;
40 	unsigned int cipher_key_len = 0;
41 	unsigned int iv_len;
42 	u32 pflags;
43 	u32 cflags;
44 	u32 ecf;
45 	u32 cipher_alg;
46 	u32 cipher_mode;
47 	u32 cipher_type;
48 	u32 hash_alg;
49 	u32 hash_mode;
50 	u32 hash_type;
51 	u32 sctx_size;   /* SCTX length in words */
52 	u32 sctx_pl_len; /* SCTX payload length in bytes */
53 
54 	packet_log("\n");
55 	packet_log("SPU Message header %p len: %u\n", buf, buf_len);
56 
57 	/* ========== Decode MH ========== */
58 	packet_log("  MH 0x%08x\n", be32_to_cpu(*((u32 *)ptr)));
59 	if (spuh->mh.flags & MH_SCTX_PRES)
60 		packet_log("    SCTX  present\n");
61 	if (spuh->mh.flags & MH_BDESC_PRES)
62 		packet_log("    BDESC present\n");
63 	if (spuh->mh.flags & MH_MFM_PRES)
64 		packet_log("    MFM   present\n");
65 	if (spuh->mh.flags & MH_BD_PRES)
66 		packet_log("    BD    present\n");
67 	if (spuh->mh.flags & MH_HASH_PRES)
68 		packet_log("    HASH  present\n");
69 	if (spuh->mh.flags & MH_SUPDT_PRES)
70 		packet_log("    SUPDT present\n");
71 	packet_log("    Opcode 0x%02x\n", spuh->mh.op_code);
72 
73 	ptr += sizeof(spuh->mh) + sizeof(spuh->emh);  /* skip emh. unused */
74 
75 	/* ========== Decode SCTX ========== */
76 	if (spuh->mh.flags & MH_SCTX_PRES) {
77 		pflags = be32_to_cpu(spuh->sa.proto_flags);
78 		packet_log("  SCTX[0] 0x%08x\n", pflags);
79 		sctx_size = pflags & SCTX_SIZE;
80 		packet_log("    Size %u words\n", sctx_size);
81 
82 		cflags = be32_to_cpu(spuh->sa.cipher_flags);
83 		packet_log("  SCTX[1] 0x%08x\n", cflags);
84 		packet_log("    Inbound:%lu (1:decrypt/vrfy 0:encrypt/auth)\n",
85 			   (cflags & CIPHER_INBOUND) >> CIPHER_INBOUND_SHIFT);
86 		packet_log("    Order:%lu (1:AuthFirst 0:EncFirst)\n",
87 			   (cflags & CIPHER_ORDER) >> CIPHER_ORDER_SHIFT);
88 		packet_log("    ICV_IS_512:%lx\n",
89 			   (cflags & ICV_IS_512) >> ICV_IS_512_SHIFT);
90 		cipher_alg = (cflags & CIPHER_ALG) >> CIPHER_ALG_SHIFT;
91 		cipher_mode = (cflags & CIPHER_MODE) >> CIPHER_MODE_SHIFT;
92 		cipher_type = (cflags & CIPHER_TYPE) >> CIPHER_TYPE_SHIFT;
93 		packet_log("    Crypto Alg:%u Mode:%u Type:%u\n",
94 			   cipher_alg, cipher_mode, cipher_type);
95 		hash_alg = (cflags & HASH_ALG) >> HASH_ALG_SHIFT;
96 		hash_mode = (cflags & HASH_MODE) >> HASH_MODE_SHIFT;
97 		hash_type = (cflags & HASH_TYPE) >> HASH_TYPE_SHIFT;
98 		packet_log("    Hash   Alg:%x Mode:%x Type:%x\n",
99 			   hash_alg, hash_mode, hash_type);
100 		packet_log("    UPDT_Offset:%u\n", cflags & UPDT_OFST);
101 
102 		ecf = be32_to_cpu(spuh->sa.ecf);
103 		packet_log("  SCTX[2] 0x%08x\n", ecf);
104 		packet_log("    WriteICV:%lu CheckICV:%lu ICV_SIZE:%u ",
105 			   (ecf & INSERT_ICV) >> INSERT_ICV_SHIFT,
106 			   (ecf & CHECK_ICV) >> CHECK_ICV_SHIFT,
107 			   (ecf & ICV_SIZE) >> ICV_SIZE_SHIFT);
108 		packet_log("BD_SUPPRESS:%lu\n",
109 			   (ecf & BD_SUPPRESS) >> BD_SUPPRESS_SHIFT);
110 		packet_log("    SCTX_IV:%lu ExplicitIV:%lu GenIV:%lu ",
111 			   (ecf & SCTX_IV) >> SCTX_IV_SHIFT,
112 			   (ecf & EXPLICIT_IV) >> EXPLICIT_IV_SHIFT,
113 			   (ecf & GEN_IV) >> GEN_IV_SHIFT);
114 		packet_log("IV_OV_OFST:%lu EXP_IV_SIZE:%u\n",
115 			   (ecf & IV_OFFSET) >> IV_OFFSET_SHIFT,
116 			   ecf & EXP_IV_SIZE);
117 
118 		ptr += sizeof(struct SCTX);
119 
120 		if (hash_alg && hash_mode) {
121 			char *name = "NONE";
122 
123 			switch (hash_alg) {
124 			case HASH_ALG_MD5:
125 				hash_key_len = 16;
126 				name = "MD5";
127 				break;
128 			case HASH_ALG_SHA1:
129 				hash_key_len = 20;
130 				name = "SHA1";
131 				break;
132 			case HASH_ALG_SHA224:
133 				hash_key_len = 28;
134 				name = "SHA224";
135 				break;
136 			case HASH_ALG_SHA256:
137 				hash_key_len = 32;
138 				name = "SHA256";
139 				break;
140 			case HASH_ALG_SHA384:
141 				hash_key_len = 48;
142 				name = "SHA384";
143 				break;
144 			case HASH_ALG_SHA512:
145 				hash_key_len = 64;
146 				name = "SHA512";
147 				break;
148 			case HASH_ALG_AES:
149 				hash_key_len = 0;
150 				name = "AES";
151 				break;
152 			case HASH_ALG_NONE:
153 				break;
154 			}
155 
156 			packet_log("    Auth Key Type:%s Length:%u Bytes\n",
157 				   name, hash_key_len);
158 			packet_dump("    KEY: ", ptr, hash_key_len);
159 			ptr += hash_key_len;
160 		} else if ((hash_alg == HASH_ALG_AES) &&
161 			   (hash_mode == HASH_MODE_XCBC)) {
162 			char *name = "NONE";
163 
164 			switch (cipher_type) {
165 			case CIPHER_TYPE_AES128:
166 				hash_key_len = 16;
167 				name = "AES128-XCBC";
168 				break;
169 			case CIPHER_TYPE_AES192:
170 				hash_key_len = 24;
171 				name = "AES192-XCBC";
172 				break;
173 			case CIPHER_TYPE_AES256:
174 				hash_key_len = 32;
175 				name = "AES256-XCBC";
176 				break;
177 			}
178 			packet_log("    Auth Key Type:%s Length:%u Bytes\n",
179 				   name, hash_key_len);
180 			packet_dump("    KEY: ", ptr, hash_key_len);
181 			ptr += hash_key_len;
182 		}
183 
184 		if (hash_alg && (hash_mode == HASH_MODE_NONE) &&
185 		    (hash_type == HASH_TYPE_UPDT)) {
186 			char *name = "NONE";
187 
188 			switch (hash_alg) {
189 			case HASH_ALG_MD5:
190 				hash_state_len = 16;
191 				name = "MD5";
192 				break;
193 			case HASH_ALG_SHA1:
194 				hash_state_len = 20;
195 				name = "SHA1";
196 				break;
197 			case HASH_ALG_SHA224:
198 				hash_state_len = 32;
199 				name = "SHA224";
200 				break;
201 			case HASH_ALG_SHA256:
202 				hash_state_len = 32;
203 				name = "SHA256";
204 				break;
205 			case HASH_ALG_SHA384:
206 				hash_state_len = 48;
207 				name = "SHA384";
208 				break;
209 			case HASH_ALG_SHA512:
210 				hash_state_len = 64;
211 				name = "SHA512";
212 				break;
213 			case HASH_ALG_AES:
214 				hash_state_len = 0;
215 				name = "AES";
216 				break;
217 			case HASH_ALG_NONE:
218 				break;
219 			}
220 
221 			packet_log("    Auth State Type:%s Length:%u Bytes\n",
222 				   name, hash_state_len);
223 			packet_dump("    State: ", ptr, hash_state_len);
224 			ptr += hash_state_len;
225 		}
226 
227 		if (cipher_alg) {
228 			char *name = "NONE";
229 
230 			switch (cipher_alg) {
231 			case CIPHER_ALG_DES:
232 				cipher_key_len = 8;
233 				name = "DES";
234 				break;
235 			case CIPHER_ALG_3DES:
236 				cipher_key_len = 24;
237 				name = "3DES";
238 				break;
239 			case CIPHER_ALG_RC4:
240 				cipher_key_len = 260;
241 				name = "ARC4";
242 				break;
243 			case CIPHER_ALG_AES:
244 				switch (cipher_type) {
245 				case CIPHER_TYPE_AES128:
246 					cipher_key_len = 16;
247 					name = "AES128";
248 					break;
249 				case CIPHER_TYPE_AES192:
250 					cipher_key_len = 24;
251 					name = "AES192";
252 					break;
253 				case CIPHER_TYPE_AES256:
254 					cipher_key_len = 32;
255 					name = "AES256";
256 					break;
257 				}
258 				break;
259 			case CIPHER_ALG_NONE:
260 				break;
261 			}
262 
263 			packet_log("    Cipher Key Type:%s Length:%u Bytes\n",
264 				   name, cipher_key_len);
265 
266 			/* XTS has two keys */
267 			if (cipher_mode == CIPHER_MODE_XTS) {
268 				packet_dump("    KEY2: ", ptr, cipher_key_len);
269 				ptr += cipher_key_len;
270 				packet_dump("    KEY1: ", ptr, cipher_key_len);
271 				ptr += cipher_key_len;
272 
273 				cipher_key_len *= 2;
274 			} else {
275 				packet_dump("    KEY: ", ptr, cipher_key_len);
276 				ptr += cipher_key_len;
277 			}
278 
279 			if (ecf & SCTX_IV) {
280 				sctx_pl_len = sctx_size * sizeof(u32) -
281 					sizeof(struct SCTX);
282 				iv_len = sctx_pl_len -
283 					(hash_key_len + hash_state_len +
284 					 cipher_key_len);
285 				packet_log("    IV Length:%u Bytes\n", iv_len);
286 				packet_dump("    IV: ", ptr, iv_len);
287 				ptr += iv_len;
288 			}
289 		}
290 	}
291 
292 	/* ========== Decode BDESC ========== */
293 	if (spuh->mh.flags & MH_BDESC_PRES) {
294 #ifdef DEBUG
295 		struct BDESC_HEADER *bdesc = (struct BDESC_HEADER *)ptr;
296 #endif
297 		packet_log("  BDESC[0] 0x%08x\n", be32_to_cpu(*((u32 *)ptr)));
298 		packet_log("    OffsetMAC:%u LengthMAC:%u\n",
299 			   be16_to_cpu(bdesc->offset_mac),
300 			   be16_to_cpu(bdesc->length_mac));
301 		ptr += sizeof(u32);
302 
303 		packet_log("  BDESC[1] 0x%08x\n", be32_to_cpu(*((u32 *)ptr)));
304 		packet_log("    OffsetCrypto:%u LengthCrypto:%u\n",
305 			   be16_to_cpu(bdesc->offset_crypto),
306 			   be16_to_cpu(bdesc->length_crypto));
307 		ptr += sizeof(u32);
308 
309 		packet_log("  BDESC[2] 0x%08x\n", be32_to_cpu(*((u32 *)ptr)));
310 		packet_log("    OffsetICV:%u OffsetIV:%u\n",
311 			   be16_to_cpu(bdesc->offset_icv),
312 			   be16_to_cpu(bdesc->offset_iv));
313 		ptr += sizeof(u32);
314 	}
315 
316 	/* ========== Decode BD ========== */
317 	if (spuh->mh.flags & MH_BD_PRES) {
318 #ifdef DEBUG
319 		struct BD_HEADER *bd = (struct BD_HEADER *)ptr;
320 #endif
321 		packet_log("  BD[0] 0x%08x\n", be32_to_cpu(*((u32 *)ptr)));
322 		packet_log("    Size:%ubytes PrevLength:%u\n",
323 			   be16_to_cpu(bd->size), be16_to_cpu(bd->prev_length));
324 		ptr += 4;
325 	}
326 
327 	/* Double check sanity */
328 	if (buf + buf_len != ptr) {
329 		packet_log(" Packet parsed incorrectly. ");
330 		packet_log("buf:%p buf_len:%u buf+buf_len:%p ptr:%p\n",
331 			   buf, buf_len, buf + buf_len, ptr);
332 	}
333 
334 	packet_log("\n");
335 }
336 
337 /**
338  * spum_ns2_ctx_max_payload() - Determine the max length of the payload for a
339  * SPU message for a given cipher and hash alg context.
340  * @cipher_alg:		The cipher algorithm
341  * @cipher_mode:	The cipher mode
342  * @blocksize:		The size of a block of data for this algo
343  *
344  * The max payload must be a multiple of the blocksize so that if a request is
345  * too large to fit in a single SPU message, the request can be broken into
346  * max_payload sized chunks. Each chunk must be a multiple of blocksize.
347  *
348  * Return: Max payload length in bytes
349  */
350 u32 spum_ns2_ctx_max_payload(enum spu_cipher_alg cipher_alg,
351 			     enum spu_cipher_mode cipher_mode,
352 			     unsigned int blocksize)
353 {
354 	u32 max_payload = SPUM_NS2_MAX_PAYLOAD;
355 	u32 excess;
356 
357 	/* In XTS on SPU-M, we'll need to insert tweak before input data */
358 	if (cipher_mode == CIPHER_MODE_XTS)
359 		max_payload -= SPU_XTS_TWEAK_SIZE;
360 
361 	excess = max_payload % blocksize;
362 
363 	return max_payload - excess;
364 }
365 
366 /**
367  * spum_nsp_ctx_max_payload() - Determine the max length of the payload for a
368  * SPU message for a given cipher and hash alg context.
369  * @cipher_alg:		The cipher algorithm
370  * @cipher_mode:	The cipher mode
371  * @blocksize:		The size of a block of data for this algo
372  *
373  * The max payload must be a multiple of the blocksize so that if a request is
374  * too large to fit in a single SPU message, the request can be broken into
375  * max_payload sized chunks. Each chunk must be a multiple of blocksize.
376  *
377  * Return: Max payload length in bytes
378  */
379 u32 spum_nsp_ctx_max_payload(enum spu_cipher_alg cipher_alg,
380 			     enum spu_cipher_mode cipher_mode,
381 			     unsigned int blocksize)
382 {
383 	u32 max_payload = SPUM_NSP_MAX_PAYLOAD;
384 	u32 excess;
385 
386 	/* In XTS on SPU-M, we'll need to insert tweak before input data */
387 	if (cipher_mode == CIPHER_MODE_XTS)
388 		max_payload -= SPU_XTS_TWEAK_SIZE;
389 
390 	excess = max_payload % blocksize;
391 
392 	return max_payload - excess;
393 }
394 
395 /** spum_payload_length() - Given a SPU-M message header, extract the payload
396  * length.
397  * @spu_hdr:	Start of SPU header
398  *
399  * Assumes just MH, EMH, BD (no SCTX, BDESC. Works for response frames.
400  *
401  * Return: payload length in bytes
402  */
403 u32 spum_payload_length(u8 *spu_hdr)
404 {
405 	struct BD_HEADER *bd;
406 	u32 pl_len;
407 
408 	/* Find BD header.  skip MH, EMH */
409 	bd = (struct BD_HEADER *)(spu_hdr + 8);
410 	pl_len = be16_to_cpu(bd->size);
411 
412 	return pl_len;
413 }
414 
415 /**
416  * spum_response_hdr_len() - Given the length of the hash key and encryption
417  * key, determine the expected length of a SPU response header.
418  * @auth_key_len:	authentication key length (bytes)
419  * @enc_key_len:	encryption key length (bytes)
420  * @is_hash:		true if response message is for a hash operation
421  *
422  * Return: length of SPU response header (bytes)
423  */
424 u16 spum_response_hdr_len(u16 auth_key_len, u16 enc_key_len, bool is_hash)
425 {
426 	if (is_hash)
427 		return SPU_HASH_RESP_HDR_LEN;
428 	else
429 		return SPU_RESP_HDR_LEN;
430 }
431 
432 /**
433  * spum_hash_pad_len() - Calculate the length of hash padding required to extend
434  * data to a full block size.
435  * @hash_alg:   hash algorithm
436  * @hash_mode:       hash mode
437  * @chunksize:  length of data, in bytes
438  * @hash_block_size:  size of a block of data for hash algorithm
439  *
440  * Reserve space for 1 byte (0x80) start of pad and the total length as u64
441  *
442  * Return:  length of hash pad in bytes
443  */
444 u16 spum_hash_pad_len(enum hash_alg hash_alg, enum hash_mode hash_mode,
445 		      u32 chunksize, u16 hash_block_size)
446 {
447 	unsigned int length_len;
448 	unsigned int used_space_last_block;
449 	int hash_pad_len;
450 
451 	/* AES-XCBC hash requires just padding to next block boundary */
452 	if ((hash_alg == HASH_ALG_AES) && (hash_mode == HASH_MODE_XCBC)) {
453 		used_space_last_block = chunksize % hash_block_size;
454 		hash_pad_len = hash_block_size - used_space_last_block;
455 		if (hash_pad_len >= hash_block_size)
456 			hash_pad_len -= hash_block_size;
457 		return hash_pad_len;
458 	}
459 
460 	used_space_last_block = chunksize % hash_block_size + 1;
461 	if ((hash_alg == HASH_ALG_SHA384) || (hash_alg == HASH_ALG_SHA512))
462 		length_len = 2 * sizeof(u64);
463 	else
464 		length_len = sizeof(u64);
465 
466 	used_space_last_block += length_len;
467 	hash_pad_len = hash_block_size - used_space_last_block;
468 	if (hash_pad_len < 0)
469 		hash_pad_len += hash_block_size;
470 
471 	hash_pad_len += 1 + length_len;
472 	return hash_pad_len;
473 }
474 
475 /**
476  * spum_gcm_ccm_pad_len() - Determine the required length of GCM or CCM padding.
477  * @cipher_mode:	Algo type
478  * @data_size:		Length of plaintext (bytes)
479  *
480  * @Return: Length of padding, in bytes
481  */
482 u32 spum_gcm_ccm_pad_len(enum spu_cipher_mode cipher_mode,
483 			 unsigned int data_size)
484 {
485 	u32 pad_len = 0;
486 	u32 m1 = SPU_GCM_CCM_ALIGN - 1;
487 
488 	if ((cipher_mode == CIPHER_MODE_GCM) ||
489 	    (cipher_mode == CIPHER_MODE_CCM))
490 		pad_len = ((data_size + m1) & ~m1) - data_size;
491 
492 	return pad_len;
493 }
494 
495 /**
496  * spum_assoc_resp_len() - Determine the size of the receive buffer required to
497  * catch associated data.
498  * @cipher_mode:	cipher mode
499  * @assoc_len:		length of associated data (bytes)
500  * @iv_len:		length of IV (bytes)
501  * @is_encrypt:		true if encrypting. false if decrypting.
502  *
503  * Return: length of associated data in response message (bytes)
504  */
505 u32 spum_assoc_resp_len(enum spu_cipher_mode cipher_mode,
506 			unsigned int assoc_len, unsigned int iv_len,
507 			bool is_encrypt)
508 {
509 	u32 buflen = 0;
510 	u32 pad;
511 
512 	if (assoc_len)
513 		buflen = assoc_len;
514 
515 	if (cipher_mode == CIPHER_MODE_GCM) {
516 		/* AAD needs to be padded in responses too */
517 		pad = spum_gcm_ccm_pad_len(cipher_mode, buflen);
518 		buflen += pad;
519 	}
520 	if (cipher_mode == CIPHER_MODE_CCM) {
521 		/*
522 		 * AAD needs to be padded in responses too
523 		 * for CCM, len + 2 needs to be 128-bit aligned.
524 		 */
525 		pad = spum_gcm_ccm_pad_len(cipher_mode, buflen + 2);
526 		buflen += pad;
527 	}
528 
529 	return buflen;
530 }
531 
532 /**
533  * spu_aead_ivlen() - Calculate the length of the AEAD IV to be included
534  * in a SPU request after the AAD and before the payload.
535  * @cipher_mode:  cipher mode
536  * @iv_ctr_len:   initialization vector length in bytes
537  *
538  * In Linux ~4.2 and later, the assoc_data sg includes the IV. So no need
539  * to include the IV as a separate field in the SPU request msg.
540  *
541  * Return: Length of AEAD IV in bytes
542  */
543 u8 spum_aead_ivlen(enum spu_cipher_mode cipher_mode, u16 iv_len)
544 {
545 	return 0;
546 }
547 
548 /**
549  * spum_hash_type() - Determine the type of hash operation.
550  * @src_sent:  The number of bytes in the current request that have already
551  *             been sent to the SPU to be hashed.
552  *
553  * We do not use HASH_TYPE_FULL for requests that fit in a single SPU message.
554  * Using FULL causes failures (such as when the string to be hashed is empty).
555  * For similar reasons, we never use HASH_TYPE_FIN. Instead, submit messages
556  * as INIT or UPDT and do the hash padding in sw.
557  */
558 enum hash_type spum_hash_type(u32 src_sent)
559 {
560 	return src_sent ? HASH_TYPE_UPDT : HASH_TYPE_INIT;
561 }
562 
563 /**
564  * spum_digest_size() - Determine the size of a hash digest to expect the SPU to
565  * return.
566  * alg_digest_size: Number of bytes in the final digest for the given algo
567  * alg:             The hash algorithm
568  * htype:           Type of hash operation (init, update, full, etc)
569  *
570  * When doing incremental hashing for an algorithm with a truncated hash
571  * (e.g., SHA224), the SPU returns the full digest so that it can be fed back as
572  * a partial result for the next chunk.
573  */
574 u32 spum_digest_size(u32 alg_digest_size, enum hash_alg alg,
575 		     enum hash_type htype)
576 {
577 	u32 digestsize = alg_digest_size;
578 
579 	/* SPU returns complete digest when doing incremental hash and truncated
580 	 * hash algo.
581 	 */
582 	if ((htype == HASH_TYPE_INIT) || (htype == HASH_TYPE_UPDT)) {
583 		if (alg == HASH_ALG_SHA224)
584 			digestsize = SHA256_DIGEST_SIZE;
585 		else if (alg == HASH_ALG_SHA384)
586 			digestsize = SHA512_DIGEST_SIZE;
587 	}
588 	return digestsize;
589 }
590 
591 /**
592  * spum_create_request() - Build a SPU request message header, up to and
593  * including the BD header. Construct the message starting at spu_hdr. Caller
594  * should allocate this buffer in DMA-able memory at least SPU_HEADER_ALLOC_LEN
595  * bytes long.
596  * @spu_hdr: Start of buffer where SPU request header is to be written
597  * @req_opts: SPU request message options
598  * @cipher_parms: Parameters related to cipher algorithm
599  * @hash_parms:   Parameters related to hash algorithm
600  * @aead_parms:   Parameters related to AEAD operation
601  * @data_size:    Length of data to be encrypted or authenticated. If AEAD, does
602  *		  not include length of AAD.
603 
604  * Return: the length of the SPU header in bytes. 0 if an error occurs.
605  */
606 u32 spum_create_request(u8 *spu_hdr,
607 			struct spu_request_opts *req_opts,
608 			struct spu_cipher_parms *cipher_parms,
609 			struct spu_hash_parms *hash_parms,
610 			struct spu_aead_parms *aead_parms,
611 			unsigned int data_size)
612 {
613 	struct SPUHEADER *spuh;
614 	struct BDESC_HEADER *bdesc;
615 	struct BD_HEADER *bd;
616 
617 	u8 *ptr;
618 	u32 protocol_bits = 0;
619 	u32 cipher_bits = 0;
620 	u32 ecf_bits = 0;
621 	u8 sctx_words = 0;
622 	unsigned int buf_len = 0;
623 
624 	/* size of the cipher payload */
625 	unsigned int cipher_len = hash_parms->prebuf_len + data_size +
626 				hash_parms->pad_len;
627 
628 	/* offset of prebuf or data from end of BD header */
629 	unsigned int cipher_offset = aead_parms->assoc_size +
630 		aead_parms->iv_len + aead_parms->aad_pad_len;
631 
632 	/* total size of the DB data (without STAT word padding) */
633 	unsigned int real_db_size = spu_real_db_size(aead_parms->assoc_size,
634 						 aead_parms->iv_len,
635 						 hash_parms->prebuf_len,
636 						 data_size,
637 						 aead_parms->aad_pad_len,
638 						 aead_parms->data_pad_len,
639 						 hash_parms->pad_len);
640 
641 	unsigned int auth_offset = 0;
642 	unsigned int offset_iv = 0;
643 
644 	/* size/offset of the auth payload */
645 	unsigned int auth_len;
646 
647 	auth_len = real_db_size;
648 
649 	if (req_opts->is_aead && req_opts->is_inbound)
650 		cipher_len -= hash_parms->digestsize;
651 
652 	if (req_opts->is_aead && req_opts->is_inbound)
653 		auth_len -= hash_parms->digestsize;
654 
655 	if ((hash_parms->alg == HASH_ALG_AES) &&
656 	    (hash_parms->mode == HASH_MODE_XCBC)) {
657 		auth_len -= hash_parms->pad_len;
658 		cipher_len -= hash_parms->pad_len;
659 	}
660 
661 	flow_log("%s()\n", __func__);
662 	flow_log("  in:%u authFirst:%u\n",
663 		 req_opts->is_inbound, req_opts->auth_first);
664 	flow_log("  %s. cipher alg:%u mode:%u type %u\n",
665 		 spu_alg_name(cipher_parms->alg, cipher_parms->mode),
666 		 cipher_parms->alg, cipher_parms->mode, cipher_parms->type);
667 	flow_log("    key: %d\n", cipher_parms->key_len);
668 	flow_dump("    key: ", cipher_parms->key_buf, cipher_parms->key_len);
669 	flow_log("    iv: %d\n", cipher_parms->iv_len);
670 	flow_dump("    iv: ", cipher_parms->iv_buf, cipher_parms->iv_len);
671 	flow_log("  auth alg:%u mode:%u type %u\n",
672 		 hash_parms->alg, hash_parms->mode, hash_parms->type);
673 	flow_log("  digestsize: %u\n", hash_parms->digestsize);
674 	flow_log("  authkey: %d\n", hash_parms->key_len);
675 	flow_dump("  authkey: ", hash_parms->key_buf, hash_parms->key_len);
676 	flow_log("  assoc_size:%u\n", aead_parms->assoc_size);
677 	flow_log("  prebuf_len:%u\n", hash_parms->prebuf_len);
678 	flow_log("  data_size:%u\n", data_size);
679 	flow_log("  hash_pad_len:%u\n", hash_parms->pad_len);
680 	flow_log("  real_db_size:%u\n", real_db_size);
681 	flow_log(" auth_offset:%u auth_len:%u cipher_offset:%u cipher_len:%u\n",
682 		 auth_offset, auth_len, cipher_offset, cipher_len);
683 	flow_log("  aead_iv: %u\n", aead_parms->iv_len);
684 
685 	/* starting out: zero the header (plus some) */
686 	ptr = spu_hdr;
687 	memset(ptr, 0, sizeof(struct SPUHEADER));
688 
689 	/* format master header word */
690 	/* Do not set the next bit even though the datasheet says to */
691 	spuh = (struct SPUHEADER *)ptr;
692 	ptr += sizeof(struct SPUHEADER);
693 	buf_len += sizeof(struct SPUHEADER);
694 
695 	spuh->mh.op_code = SPU_CRYPTO_OPERATION_GENERIC;
696 	spuh->mh.flags |= (MH_SCTX_PRES | MH_BDESC_PRES | MH_BD_PRES);
697 
698 	/* Format sctx word 0 (protocol_bits) */
699 	sctx_words = 3;		/* size in words */
700 
701 	/* Format sctx word 1 (cipher_bits) */
702 	if (req_opts->is_inbound)
703 		cipher_bits |= CIPHER_INBOUND;
704 	if (req_opts->auth_first)
705 		cipher_bits |= CIPHER_ORDER;
706 
707 	/* Set the crypto parameters in the cipher.flags */
708 	cipher_bits |= cipher_parms->alg << CIPHER_ALG_SHIFT;
709 	cipher_bits |= cipher_parms->mode << CIPHER_MODE_SHIFT;
710 	cipher_bits |= cipher_parms->type << CIPHER_TYPE_SHIFT;
711 
712 	/* Set the auth parameters in the cipher.flags */
713 	cipher_bits |= hash_parms->alg << HASH_ALG_SHIFT;
714 	cipher_bits |= hash_parms->mode << HASH_MODE_SHIFT;
715 	cipher_bits |= hash_parms->type << HASH_TYPE_SHIFT;
716 
717 	/*
718 	 * Format sctx extensions if required, and update main fields if
719 	 * required)
720 	 */
721 	if (hash_parms->alg) {
722 		/* Write the authentication key material if present */
723 		if (hash_parms->key_len) {
724 			memcpy(ptr, hash_parms->key_buf, hash_parms->key_len);
725 			ptr += hash_parms->key_len;
726 			buf_len += hash_parms->key_len;
727 			sctx_words += hash_parms->key_len / 4;
728 		}
729 
730 		if ((cipher_parms->mode == CIPHER_MODE_GCM) ||
731 		    (cipher_parms->mode == CIPHER_MODE_CCM))
732 			/* unpadded length */
733 			offset_iv = aead_parms->assoc_size;
734 
735 		/* if GCM/CCM we need to write ICV into the payload */
736 		if (!req_opts->is_inbound) {
737 			if ((cipher_parms->mode == CIPHER_MODE_GCM) ||
738 			    (cipher_parms->mode == CIPHER_MODE_CCM))
739 				ecf_bits |= 1 << INSERT_ICV_SHIFT;
740 		} else {
741 			ecf_bits |= CHECK_ICV;
742 		}
743 
744 		/* Inform the SPU of the ICV size (in words) */
745 		if (hash_parms->digestsize == 64)
746 			cipher_bits |= ICV_IS_512;
747 		else
748 			ecf_bits |=
749 			(hash_parms->digestsize / 4) << ICV_SIZE_SHIFT;
750 	}
751 
752 	if (req_opts->bd_suppress)
753 		ecf_bits |= BD_SUPPRESS;
754 
755 	/* copy the encryption keys in the SAD entry */
756 	if (cipher_parms->alg) {
757 		if (cipher_parms->key_len) {
758 			memcpy(ptr, cipher_parms->key_buf,
759 			       cipher_parms->key_len);
760 			ptr += cipher_parms->key_len;
761 			buf_len += cipher_parms->key_len;
762 			sctx_words += cipher_parms->key_len / 4;
763 		}
764 
765 		/*
766 		 * if encrypting then set IV size, use SCTX IV unless no IV
767 		 * given here
768 		 */
769 		if (cipher_parms->iv_buf && cipher_parms->iv_len) {
770 			/* Use SCTX IV */
771 			ecf_bits |= SCTX_IV;
772 
773 			/* cipher iv provided so put it in here */
774 			memcpy(ptr, cipher_parms->iv_buf, cipher_parms->iv_len);
775 
776 			ptr += cipher_parms->iv_len;
777 			buf_len += cipher_parms->iv_len;
778 			sctx_words += cipher_parms->iv_len / 4;
779 		}
780 	}
781 
782 	/*
783 	 * RFC4543 (GMAC/ESP) requires data to be sent as part of AAD
784 	 * so we need to override the BDESC parameters.
785 	 */
786 	if (req_opts->is_rfc4543) {
787 		if (req_opts->is_inbound)
788 			data_size -= hash_parms->digestsize;
789 		offset_iv = aead_parms->assoc_size + data_size;
790 		cipher_len = 0;
791 		cipher_offset = offset_iv;
792 		auth_len = cipher_offset + aead_parms->data_pad_len;
793 	}
794 
795 	/* write in the total sctx length now that we know it */
796 	protocol_bits |= sctx_words;
797 
798 	/* Endian adjust the SCTX */
799 	spuh->sa.proto_flags = cpu_to_be32(protocol_bits);
800 	spuh->sa.cipher_flags = cpu_to_be32(cipher_bits);
801 	spuh->sa.ecf = cpu_to_be32(ecf_bits);
802 
803 	/* === create the BDESC section === */
804 	bdesc = (struct BDESC_HEADER *)ptr;
805 
806 	bdesc->offset_mac = cpu_to_be16(auth_offset);
807 	bdesc->length_mac = cpu_to_be16(auth_len);
808 	bdesc->offset_crypto = cpu_to_be16(cipher_offset);
809 	bdesc->length_crypto = cpu_to_be16(cipher_len);
810 
811 	/*
812 	 * CCM in SPU-M requires that ICV not be in same 32-bit word as data or
813 	 * padding.  So account for padding as necessary.
814 	 */
815 	if (cipher_parms->mode == CIPHER_MODE_CCM)
816 		auth_len += spum_wordalign_padlen(auth_len);
817 
818 	bdesc->offset_icv = cpu_to_be16(auth_len);
819 	bdesc->offset_iv = cpu_to_be16(offset_iv);
820 
821 	ptr += sizeof(struct BDESC_HEADER);
822 	buf_len += sizeof(struct BDESC_HEADER);
823 
824 	/* === no MFM section === */
825 
826 	/* === create the BD section === */
827 
828 	/* add the BD header */
829 	bd = (struct BD_HEADER *)ptr;
830 	bd->size = cpu_to_be16(real_db_size);
831 	bd->prev_length = 0;
832 
833 	ptr += sizeof(struct BD_HEADER);
834 	buf_len += sizeof(struct BD_HEADER);
835 
836 	packet_dump("  SPU request header: ", spu_hdr, buf_len);
837 
838 	return buf_len;
839 }
840 
841 /**
842  * spum_cipher_req_init() - Build a SPU request message header, up to and
843  * including the BD header.
844  * @spu_hdr:      Start of SPU request header (MH)
845  * @cipher_parms: Parameters that describe the cipher request
846  *
847  * Construct the message starting at spu_hdr. Caller should allocate this buffer
848  * in DMA-able memory at least SPU_HEADER_ALLOC_LEN bytes long.
849  *
850  * Return: the length of the SPU header in bytes. 0 if an error occurs.
851  */
852 u16 spum_cipher_req_init(u8 *spu_hdr, struct spu_cipher_parms *cipher_parms)
853 {
854 	struct SPUHEADER *spuh;
855 	u32 protocol_bits = 0;
856 	u32 cipher_bits = 0;
857 	u32 ecf_bits = 0;
858 	u8 sctx_words = 0;
859 	u8 *ptr = spu_hdr;
860 
861 	flow_log("%s()\n", __func__);
862 	flow_log("  cipher alg:%u mode:%u type %u\n", cipher_parms->alg,
863 		 cipher_parms->mode, cipher_parms->type);
864 	flow_log("  cipher_iv_len: %u\n", cipher_parms->iv_len);
865 	flow_log("    key: %d\n", cipher_parms->key_len);
866 	flow_dump("    key: ", cipher_parms->key_buf, cipher_parms->key_len);
867 
868 	/* starting out: zero the header (plus some) */
869 	memset(spu_hdr, 0, sizeof(struct SPUHEADER));
870 	ptr += sizeof(struct SPUHEADER);
871 
872 	/* format master header word */
873 	/* Do not set the next bit even though the datasheet says to */
874 	spuh = (struct SPUHEADER *)spu_hdr;
875 
876 	spuh->mh.op_code = SPU_CRYPTO_OPERATION_GENERIC;
877 	spuh->mh.flags |= (MH_SCTX_PRES | MH_BDESC_PRES | MH_BD_PRES);
878 
879 	/* Format sctx word 0 (protocol_bits) */
880 	sctx_words = 3;		/* size in words */
881 
882 	/* copy the encryption keys in the SAD entry */
883 	if (cipher_parms->alg) {
884 		if (cipher_parms->key_len) {
885 			ptr += cipher_parms->key_len;
886 			sctx_words += cipher_parms->key_len / 4;
887 		}
888 
889 		/*
890 		 * if encrypting then set IV size, use SCTX IV unless no IV
891 		 * given here
892 		 */
893 		if (cipher_parms->iv_len) {
894 			/* Use SCTX IV */
895 			ecf_bits |= SCTX_IV;
896 			ptr += cipher_parms->iv_len;
897 			sctx_words += cipher_parms->iv_len / 4;
898 		}
899 	}
900 
901 	/* Set the crypto parameters in the cipher.flags */
902 	cipher_bits |= cipher_parms->alg << CIPHER_ALG_SHIFT;
903 	cipher_bits |= cipher_parms->mode << CIPHER_MODE_SHIFT;
904 	cipher_bits |= cipher_parms->type << CIPHER_TYPE_SHIFT;
905 
906 	/* copy the encryption keys in the SAD entry */
907 	if (cipher_parms->alg && cipher_parms->key_len)
908 		memcpy(spuh + 1, cipher_parms->key_buf, cipher_parms->key_len);
909 
910 	/* write in the total sctx length now that we know it */
911 	protocol_bits |= sctx_words;
912 
913 	/* Endian adjust the SCTX */
914 	spuh->sa.proto_flags = cpu_to_be32(protocol_bits);
915 
916 	/* Endian adjust the SCTX */
917 	spuh->sa.cipher_flags = cpu_to_be32(cipher_bits);
918 	spuh->sa.ecf = cpu_to_be32(ecf_bits);
919 
920 	packet_dump("  SPU request header: ", spu_hdr,
921 		    sizeof(struct SPUHEADER));
922 
923 	return sizeof(struct SPUHEADER) + cipher_parms->key_len +
924 		cipher_parms->iv_len + sizeof(struct BDESC_HEADER) +
925 		sizeof(struct BD_HEADER);
926 }
927 
928 /**
929  * spum_cipher_req_finish() - Finish building a SPU request message header for a
930  * block cipher request. Assumes much of the header was already filled in at
931  * setkey() time in spu_cipher_req_init().
932  * @spu_hdr:         Start of the request message header (MH field)
933  * @spu_req_hdr_len: Length in bytes of the SPU request header
934  * @isInbound:       0 encrypt, 1 decrypt
935  * @cipher_parms:    Parameters describing cipher operation to be performed
936  * @update_key:      If true, rewrite the cipher key in SCTX
937  * @data_size:       Length of the data in the BD field
938  *
939  * Assumes much of the header was already filled in at setkey() time in
940  * spum_cipher_req_init().
941  * spum_cipher_req_init() fills in the encryption key. For RC4, when submitting
942  * a request for a non-first chunk, we use the 260-byte SUPDT field from the
943  * previous response as the key. update_key is true for this case. Unused in all
944  * other cases.
945  */
946 void spum_cipher_req_finish(u8 *spu_hdr,
947 			    u16 spu_req_hdr_len,
948 			    unsigned int is_inbound,
949 			    struct spu_cipher_parms *cipher_parms,
950 			    bool update_key,
951 			    unsigned int data_size)
952 {
953 	struct SPUHEADER *spuh;
954 	struct BDESC_HEADER *bdesc;
955 	struct BD_HEADER *bd;
956 	u8 *bdesc_ptr = spu_hdr + spu_req_hdr_len -
957 	    (sizeof(struct BD_HEADER) + sizeof(struct BDESC_HEADER));
958 
959 	u32 cipher_bits;
960 
961 	flow_log("%s()\n", __func__);
962 	flow_log(" in: %u\n", is_inbound);
963 	flow_log(" cipher alg: %u, cipher_type: %u\n", cipher_parms->alg,
964 		 cipher_parms->type);
965 	if (update_key) {
966 		flow_log(" cipher key len: %u\n", cipher_parms->key_len);
967 		flow_dump("  key: ", cipher_parms->key_buf,
968 			  cipher_parms->key_len);
969 	}
970 
971 	/*
972 	 * In XTS mode, API puts "i" parameter (block tweak) in IV.  For
973 	 * SPU-M, should be in start of the BD; tx_sg_create() copies it there.
974 	 * IV in SPU msg for SPU-M should be 0, since that's the "j" parameter
975 	 * (block ctr within larger data unit) - given we can send entire disk
976 	 * block (<= 4KB) in 1 SPU msg, don't need to use this parameter.
977 	 */
978 	if (cipher_parms->mode == CIPHER_MODE_XTS)
979 		memset(cipher_parms->iv_buf, 0, cipher_parms->iv_len);
980 
981 	flow_log(" iv len: %d\n", cipher_parms->iv_len);
982 	flow_dump("    iv: ", cipher_parms->iv_buf, cipher_parms->iv_len);
983 	flow_log(" data_size: %u\n", data_size);
984 
985 	/* format master header word */
986 	/* Do not set the next bit even though the datasheet says to */
987 	spuh = (struct SPUHEADER *)spu_hdr;
988 
989 	/* cipher_bits was initialized at setkey time */
990 	cipher_bits = be32_to_cpu(spuh->sa.cipher_flags);
991 
992 	/* Format sctx word 1 (cipher_bits) */
993 	if (is_inbound)
994 		cipher_bits |= CIPHER_INBOUND;
995 	else
996 		cipher_bits &= ~CIPHER_INBOUND;
997 
998 	/* update encryption key for RC4 on non-first chunk */
999 	if (update_key) {
1000 		spuh->sa.cipher_flags |=
1001 			cipher_parms->type << CIPHER_TYPE_SHIFT;
1002 		memcpy(spuh + 1, cipher_parms->key_buf, cipher_parms->key_len);
1003 	}
1004 
1005 	if (cipher_parms->alg && cipher_parms->iv_buf && cipher_parms->iv_len)
1006 		/* cipher iv provided so put it in here */
1007 		memcpy(bdesc_ptr - cipher_parms->iv_len, cipher_parms->iv_buf,
1008 		       cipher_parms->iv_len);
1009 
1010 	spuh->sa.cipher_flags = cpu_to_be32(cipher_bits);
1011 
1012 	/* === create the BDESC section === */
1013 	bdesc = (struct BDESC_HEADER *)bdesc_ptr;
1014 	bdesc->offset_mac = 0;
1015 	bdesc->length_mac = 0;
1016 	bdesc->offset_crypto = 0;
1017 
1018 	/* XTS mode, data_size needs to include tweak parameter */
1019 	if (cipher_parms->mode == CIPHER_MODE_XTS)
1020 		bdesc->length_crypto = cpu_to_be16(data_size +
1021 						  SPU_XTS_TWEAK_SIZE);
1022 	else
1023 		bdesc->length_crypto = cpu_to_be16(data_size);
1024 
1025 	bdesc->offset_icv = 0;
1026 	bdesc->offset_iv = 0;
1027 
1028 	/* === no MFM section === */
1029 
1030 	/* === create the BD section === */
1031 	/* add the BD header */
1032 	bd = (struct BD_HEADER *)(bdesc_ptr + sizeof(struct BDESC_HEADER));
1033 	bd->size = cpu_to_be16(data_size);
1034 
1035 	/* XTS mode, data_size needs to include tweak parameter */
1036 	if (cipher_parms->mode == CIPHER_MODE_XTS)
1037 		bd->size = cpu_to_be16(data_size + SPU_XTS_TWEAK_SIZE);
1038 	else
1039 		bd->size = cpu_to_be16(data_size);
1040 
1041 	bd->prev_length = 0;
1042 
1043 	packet_dump("  SPU request header: ", spu_hdr, spu_req_hdr_len);
1044 }
1045 
1046 /**
1047  * spum_request_pad() - Create pad bytes at the end of the data.
1048  * @pad_start:		Start of buffer where pad bytes are to be written
1049  * @gcm_ccm_padding:	length of GCM/CCM padding, in bytes
1050  * @hash_pad_len:	Number of bytes of padding extend data to full block
1051  * @auth_alg:		authentication algorithm
1052  * @auth_mode:		authentication mode
1053  * @total_sent:		length inserted at end of hash pad
1054  * @status_padding:	Number of bytes of padding to align STATUS word
1055  *
1056  * There may be three forms of pad:
1057  *  1. GCM/CCM pad - for GCM/CCM mode ciphers, pad to 16-byte alignment
1058  *  2. hash pad - pad to a block length, with 0x80 data terminator and
1059  *                size at the end
1060  *  3. STAT pad - to ensure the STAT field is 4-byte aligned
1061  */
1062 void spum_request_pad(u8 *pad_start,
1063 		      u32 gcm_ccm_padding,
1064 		      u32 hash_pad_len,
1065 		      enum hash_alg auth_alg,
1066 		      enum hash_mode auth_mode,
1067 		      unsigned int total_sent, u32 status_padding)
1068 {
1069 	u8 *ptr = pad_start;
1070 
1071 	/* fix data alignent for GCM/CCM */
1072 	if (gcm_ccm_padding > 0) {
1073 		flow_log("  GCM: padding to 16 byte alignment: %u bytes\n",
1074 			 gcm_ccm_padding);
1075 		memset(ptr, 0, gcm_ccm_padding);
1076 		ptr += gcm_ccm_padding;
1077 	}
1078 
1079 	if (hash_pad_len > 0) {
1080 		/* clear the padding section */
1081 		memset(ptr, 0, hash_pad_len);
1082 
1083 		if ((auth_alg == HASH_ALG_AES) &&
1084 		    (auth_mode == HASH_MODE_XCBC)) {
1085 			/* AES/XCBC just requires padding to be 0s */
1086 			ptr += hash_pad_len;
1087 		} else {
1088 			/* terminate the data */
1089 			*ptr = 0x80;
1090 			ptr += (hash_pad_len - sizeof(u64));
1091 
1092 			/* add the size at the end as required per alg */
1093 			if (auth_alg == HASH_ALG_MD5)
1094 				*(u64 *)ptr = cpu_to_le64((u64)total_sent * 8);
1095 			else		/* SHA1, SHA2-224, SHA2-256 */
1096 				*(u64 *)ptr = cpu_to_be64((u64)total_sent * 8);
1097 			ptr += sizeof(u64);
1098 		}
1099 	}
1100 
1101 	/* pad to a 4byte alignment for STAT */
1102 	if (status_padding > 0) {
1103 		flow_log("  STAT: padding to 4 byte alignment: %u bytes\n",
1104 			 status_padding);
1105 
1106 		memset(ptr, 0, status_padding);
1107 		ptr += status_padding;
1108 	}
1109 }
1110 
1111 /**
1112  * spum_xts_tweak_in_payload() - Indicate that SPUM DOES place the XTS tweak
1113  * field in the packet payload (rather than using IV)
1114  *
1115  * Return: 1
1116  */
1117 u8 spum_xts_tweak_in_payload(void)
1118 {
1119 	return 1;
1120 }
1121 
1122 /**
1123  * spum_tx_status_len() - Return the length of the STATUS field in a SPU
1124  * response message.
1125  *
1126  * Return: Length of STATUS field in bytes.
1127  */
1128 u8 spum_tx_status_len(void)
1129 {
1130 	return SPU_TX_STATUS_LEN;
1131 }
1132 
1133 /**
1134  * spum_rx_status_len() - Return the length of the STATUS field in a SPU
1135  * response message.
1136  *
1137  * Return: Length of STATUS field in bytes.
1138  */
1139 u8 spum_rx_status_len(void)
1140 {
1141 	return SPU_RX_STATUS_LEN;
1142 }
1143 
1144 /**
1145  * spum_status_process() - Process the status from a SPU response message.
1146  * @statp:  start of STATUS word
1147  * Return:
1148  *   0 - if status is good and response should be processed
1149  *   !0 - status indicates an error and response is invalid
1150  */
1151 int spum_status_process(u8 *statp)
1152 {
1153 	u32 status;
1154 
1155 	status = __be32_to_cpu(*(__be32 *)statp);
1156 	flow_log("SPU response STATUS %#08x\n", status);
1157 	if (status & SPU_STATUS_ERROR_FLAG) {
1158 		pr_err("%s() Warning: Error result from SPU: %#08x\n",
1159 		       __func__, status);
1160 		if (status & SPU_STATUS_INVALID_ICV)
1161 			return SPU_INVALID_ICV;
1162 		return -EBADMSG;
1163 	}
1164 	return 0;
1165 }
1166 
1167 /**
1168  * spum_ccm_update_iv() - Update the IV as per the requirements for CCM mode.
1169  *
1170  * @digestsize:		Digest size of this request
1171  * @cipher_parms:	(pointer to) cipher parmaeters, includes IV buf & IV len
1172  * @assoclen:		Length of AAD data
1173  * @chunksize:		length of input data to be sent in this req
1174  * @is_encrypt:		true if this is an output/encrypt operation
1175  * @is_esp:		true if this is an ESP / RFC4309 operation
1176  *
1177  */
1178 void spum_ccm_update_iv(unsigned int digestsize,
1179 			struct spu_cipher_parms *cipher_parms,
1180 			unsigned int assoclen,
1181 			unsigned int chunksize,
1182 			bool is_encrypt,
1183 			bool is_esp)
1184 {
1185 	u8 L;		/* L from CCM algorithm, length of plaintext data */
1186 	u8 mprime;	/* M' from CCM algo, (M - 2) / 2, where M=authsize */
1187 	u8 adata;
1188 
1189 	if (cipher_parms->iv_len != CCM_AES_IV_SIZE) {
1190 		pr_err("%s(): Invalid IV len %d for CCM mode, should be %d\n",
1191 		       __func__, cipher_parms->iv_len, CCM_AES_IV_SIZE);
1192 		return;
1193 	}
1194 
1195 	/*
1196 	 * IV needs to be formatted as follows:
1197 	 *
1198 	 * |          Byte 0               | Bytes 1 - N | Bytes (N+1) - 15 |
1199 	 * | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | Bits 7 - 0  |    Bits 7 - 0    |
1200 	 * | 0 |Ad?|(M - 2) / 2|   L - 1   |    Nonce    | Plaintext Length |
1201 	 *
1202 	 * Ad? = 1 if AAD present, 0 if not present
1203 	 * M = size of auth field, 8, 12, or 16 bytes (SPU-M) -or-
1204 	 *                         4, 6, 8, 10, 12, 14, 16 bytes (SPU2)
1205 	 * L = Size of Plaintext Length field; Nonce size = 15 - L
1206 	 *
1207 	 * It appears that the crypto API already expects the L-1 portion
1208 	 * to be set in the first byte of the IV, which implicitly determines
1209 	 * the nonce size, and also fills in the nonce.  But the other bits
1210 	 * in byte 0 as well as the plaintext length need to be filled in.
1211 	 *
1212 	 * In rfc4309/esp mode, L is not already in the supplied IV and
1213 	 * we need to fill it in, as well as move the IV data to be after
1214 	 * the salt
1215 	 */
1216 	if (is_esp) {
1217 		L = CCM_ESP_L_VALUE;	/* RFC4309 has fixed L */
1218 	} else {
1219 		/* L' = plaintext length - 1 so Plaintext length is L' + 1 */
1220 		L = ((cipher_parms->iv_buf[0] & CCM_B0_L_PRIME) >>
1221 		      CCM_B0_L_PRIME_SHIFT) + 1;
1222 	}
1223 
1224 	mprime = (digestsize - 2) >> 1;  /* M' = (M - 2) / 2 */
1225 	adata = (assoclen > 0);  /* adata = 1 if any associated data */
1226 
1227 	cipher_parms->iv_buf[0] = (adata << CCM_B0_ADATA_SHIFT) |
1228 				  (mprime << CCM_B0_M_PRIME_SHIFT) |
1229 				  ((L - 1) << CCM_B0_L_PRIME_SHIFT);
1230 
1231 	/* Nonce is already filled in by crypto API, and is 15 - L bytes */
1232 
1233 	/* Don't include digest in plaintext size when decrypting */
1234 	if (!is_encrypt)
1235 		chunksize -= digestsize;
1236 
1237 	/* Fill in length of plaintext, formatted to be L bytes long */
1238 	format_value_ccm(chunksize, &cipher_parms->iv_buf[15 - L + 1], L);
1239 }
1240 
1241 /**
1242  * spum_wordalign_padlen() - Given the length of a data field, determine the
1243  * padding required to align the data following this field on a 4-byte boundary.
1244  * @data_size: length of data field in bytes
1245  *
1246  * Return: length of status field padding, in bytes
1247  */
1248 u32 spum_wordalign_padlen(u32 data_size)
1249 {
1250 	return ((data_size + 3) & ~3) - data_size;
1251 }
1252